Does anyone differentiate between the above two and made a list of Peventative measures being classed as risk reduction or minimising Impact of Incidents, Where Housekeeping under headings of Process, People & Tools (Network, Software & Hardware) against similar headings for Corrective Actions?